On Sun, Aug 30, 2009 at 05:09:16PM +0000, Michael Gilbert wrote:
> Author: gilbert-guest
> Date: 2009-08-30 17:09:16 +0000 (Sun, 30 Aug 2009)
> New Revision: 12708
>
> Modified:
> data/CVE/list
> Log:
> beginning of embedded code copies triage (5 down 395 to go)
>
> + - xulrunner <unfixed>
> + NOTE: libpng code copy present in xulrunner [./modules/libimg/png/*]
> and possibly [./gfx/cairo/cairo/*]
You should check whether the code is actually compiled in.
xulrunner links dynamically against libpng, so it is not affected.
There's no reason to track such embeddings in the security tracker,
since it's very common that the source packages still contain the
local code copies even if they're not used anymore.
Cheers,
Moritz
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
